---
description: Securing projects on Hasura Cloud
title: 'Cloud: Securing projects'
keywords:
  - hasura
  - docs
  - project
sidebar_position: 8
sidebar_label: Secure Projects
---

import Thumbnail from '@site/src/components/Thumbnail';
import HeadingIcon from '@site/src/components/HeadingIcon';
import ProductBadge from '@site/src/components/ProductBadge';

# Secure Projects

<ProductBadge free pro ee />

## Introduction

To make sure that your GraphQL endpoint is not publicly accessible, a randomly generated admin secret key is added by
default to your project at the time of project creation.

## Updating the admin secret

### Step 1: Go to settings

On the project overview, click on the settings icon on the top right of the relevant project.

<Thumbnail src="/img/projects/secure-settings.png" alt="Go to settings" width="865px" />

### Step 2: Navigate to env vars

On the `Env vars` tab, you will see the `HASURA_GRAPHQL_ADMIN_SECRET` env var.

<Thumbnail src="/img/projects/secure-admin-envvar.png" alt="Navigate to env vars" width="1100px" />

### Step 3: Update admin secret

Click on the `HASURA_GRAPHQL_ADMIN_SECRET` env var to update the value.

<Thumbnail src="/img/projects/secure-update-envvar.png" alt="Set admin secret" width="1100px" />

## Accessing Hasura

When you launch the Console from the Hasura Cloud dashboard, you'll be authenticated as an admin. If you want to make
API calls from outside the Console, you need to pass the admin secret as the <em>x-hasura-admin-secret</em> request
header.

:::info Note

The admin secret should be treated like a password i.e. it should be kept secret and shouldn't be passed from frontend
clients. Refer [this](/auth/authentication/index.mdx) to set up user authentication.

:::
